Security audit

Ztm Tunnel

Security checks across malware telemetry and agentic risk

Overview

This skill matches its tunnel-management purpose, but it should be reviewed because it can install and start a powerful network tunneling agent and its examples may expose services broadly without enough safety warnings.

Install only if you understand ZTM and intend to run a network tunnel agent. Prefer installing ZTM from a verified release, avoid copying 0.0.0.0 examples unless public/all-interface listening is intended, protect permit and root files, verify endpoint IDs and targets before opening tunnels, and close tunnels or stop the agent when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README repeatedly instructs users to bind tunnel listeners to 0.0.0.0 and expose local services through the mesh, but it does not explain that this makes the service reachable on all interfaces and can broaden access beyond what users expect. In a tunnel-management skill, that omission is security-relevant because users are specifically being guided to publish services and may unintentionally expose SSH, web apps, or UDP services to untrusted networks or peers.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The setup flow includes joining meshes, starting a hub on 0.0.0.0:8888, and using permit files, but it omits warnings about the trust model, sensitivity of permit/root files, and the consequences of opening a publicly reachable hub. That creates a realistic risk of users deploying network-facing infrastructure or joining meshes without understanding access control boundaries.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
These instructions encourage creating listeners on `0.0.0.0`, which exposes forwarded services on all interfaces without any safety warning. In a tunneling skill, this can unintentionally publish internal services to broader networks, enabling unauthorized access, lateral movement, or exposure of sensitive applications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The examples show exposing SSH and web services through tunnels without discussing authentication hardening, network scoping, or the risks of forwarding privileged services. This is especially dangerous because SSH and internal web services are common targets; a user may copy-paste these examples and inadvertently expose sensitive infrastructure.

VirusTotal

64/64 vendors flagged this skill as clean.
